Hi! Welcome to the first Lua API for scripting radare!

I have written the hack plugin and a radare.lua which implements the access API to the radare_cmd_str function, accessed by the plugin through the Lua VM. This way I have managed to fix some console management bugs when handling the output of commands, and to implement an almost basic scripting API that I expect will grow fast. A real scripting language gives a more powerful key for radare to be used for automated tasks like fuzzing, batch processing, automated unpacking, etc.

The current API consists of 3 pieces:

  Radare          -- core radare API
  Radare.Debugger -- debugger radare API
  Radare.Print    -- print data API (not yet implemented)

Please take a look at the radare.lua file at src/plug/hack/radare.lua:

  http://radare.nopcode.org/hg/radare?raw-file/8f54abcaf862/src/plug/hack/radare.lua

You can use help() to list all the functions for each namespace.

  lua> help()
  Use help(Radare), help(Radare.Debugger) or help(Radare.Print)

These namespaces have been aliased as 'r', 'd' and 'p'.

  lua> help(Radare)
  flag_list fortune eval flag cmp Print redo_seek cmd copy resize
  flag_get quit cmp_file open system flag_rename flag_remove endian
  paste Debugger seek interpret undo_seek
  lua>

ATM you will have to read radare.lua manually to understand the API, but it's really easy to use. I plan to write decent browseable documentation when the API stabilizes.
Here's a sample debugger script:

  $ cat debugger.lua
  r.open("dbg:///bin/ls")
  d.dump("initial-snapshot")      -- perform a dump of the process to disk

  -- little stupid byte movement example
  r.seek(0x8048000+0x18)          -- seek to get entrypoint
  r.copy(4)
  r.paste(0xbfb5c000)             -- copy the entrypoint into the stack

  -- debugger usage
  d.bp("entry")
  d.continue()                    -- break on entry
  d.bp_remove("entry")            -- remove breakpoint
  print(r.cmd("pD 40 @ eip"))     -- show bytes from eip (entrypoint)
  print(r.cmd("x @ esp"))         -- show bytes in stack
  d.step(3)                       -- perform 3 steps
  d.jmp("[0x8048018]")            -- force jump to entrypoint again (3 previous opcodes will be executed twice)
  d.restore("initial-snapshot")   -- restore the previously dumped process status
  r.system("rm -rf initial-snapshot") -- remove snapshot from disk
  d.continue()                    -- follow execution
  r.quit()

  [0x000000]> H lua debugger.lua
  (.. running script ..)

So you see... using the basic r.cmd() function you can directly access all the radare commands.

Feel free to send me comments about the API and more ideas ;D

Have fun!

--pancake
_______________________________________________
radare mailing list
[email protected]
https://lists.nopcode.org/mailman/listinfo/radare
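As an added example (not part of pancake's post or of the radare.lua shipped with radare), here is a step-tracing script built only on the calls the post shows: r.open, d.bp, d.continue, d.bp_remove, d.step, r.cmd and r.quit. It assumes that r.cmd returns the command's console output as a Lua string (as print(r.cmd(...)) in debugger.lua implies), that the first line printed by "pD 40 @ eip" is the instruction at eip, and that d.step(1) single-steps once; the step limit and the output file name are arbitrary choices for the example.

```lua
-- trace.lua: single-step the debuggee and log the instruction at eip
-- after each step. Added example; assumes the radare.lua API from the
-- post (r.cmd returns command output as a string, d.step(n) steps n times).

local MAX_STEPS = 200          -- arbitrary limit for this example
local OUTFILE   = "trace.txt"  -- arbitrary output file name

-- Return the first non-empty line of a command's output, trimmed.
-- Assumption: "pD 40 @ eip" prints the instruction at eip on its
-- first line, as in the post's debugger.lua.
local function first_line(out)
  for line in (out or ""):gmatch("[^\r\n]+") do
    local trimmed = line:match("^%s*(.-)%s*$")
    if trimmed ~= "" then return trimmed end
  end
  return nil
end

r.open("dbg:///bin/ls")
d.bp("entry")
d.continue()                   -- run until the entrypoint breakpoint
d.bp_remove("entry")

local log   = assert(io.open(OUTFILE, "w"))
local seen  = {}               -- distinct instruction lines, to spot loops
local steps = 0

for i = 1, MAX_STEPS do
  local insn = first_line(r.cmd("pD 40 @ eip"))
  if not insn then
    -- no disassembly came back (e.g. the process went away): stop tracing
    log:write(string.format("%4d  <no disassembly at eip>\n", i))
    break
  end
  seen[insn] = (seen[insn] or 0) + 1
  log:write(string.format("%4d  %s\n", i, insn))
  steps = steps + 1
  d.step(1)                    -- execute exactly one instruction
end

local distinct = 0
for _ in pairs(seen) do distinct = distinct + 1 end
log:write(string.format("-- %d steps, %d distinct instruction lines\n",
                        steps, distinct))
log:close()

d.continue()                   -- let the program run to completion
r.quit()
```

Run it the same way as the post's script, with `H lua trace.lua` from the radare prompt; trace.txt then holds one disassembled instruction per step plus a summary line, and a high repeat count for a single instruction line in the `seen` table is a cheap way to notice that the trace is stuck in a loop.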
